CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 1CVE-2007-4397
https://notcve.org/view.php?id=CVE-2007-4397
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. Múltiples vulnerabilidades de inyección CRLF en (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, y otras secuencias de comandos no especificadas para XChat permite a atacantes remotos con la intervención del usuario ejecutar comandos IRC de su elección a través de secuencias CRLF en el nombre de la canción en un archivo .mp3. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html http://osvdb.org/39574 http://osvdb.org/39575 http://secunia.com/advisories/26454 http://secunia.com/advisories/26455 http://secunia.com/advisories/26484 http://secunia.com/advisories/26485 http://secunia.com/advisories/26486 http://secunia.com/advisories/26487 http://secunia.com/advisories/26488 http://securityreason.com/securityalert/3036 http://wouter.coekaerts.be/site/security/nowplaying http:/&# •
CVSS: 4.3EPSS: 2%CPEs: 11EXPL: 0CVE-2007-0578
https://notcve.org/view.php?id=CVE-2007-0578
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. La función http_open de httpget.c en mpg123 anterior al 0.64 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) cerrando la conexión HTTP prematuramente. • http://osvdb.org/40128 http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 http://www.mandriva.com/security/advisories?name=MDKSA-2007:032 http://www.mpg123.de/cgi-bin/news.cgi http://www.securityfocus.com/bid/22274 http://www.vupen.com/english/advisories/2007/0366 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2006-1655
https://notcve.org/view.php?id=CVE-2006-1655
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. • http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl http://secunia.com/advisories/20240 http://secunia.com/advisories/20275 http://secunia.com/advisories/20281 http://www.debian.org/security/2006/dsa-1074 http://www.mandriva.com/security/advisories?name=MDKSA-2006:092 http://www.securityfocus.com/bid/17365 •
CVSS: 7.5EPSS: 9%CPEs: 15EXPL: 0CVE-2004-0991
https://notcve.org/view.php?id=CVE-2004-0991
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. • http://secunia.com/advisories/13779 http://secunia.com/advisories/13788 http://secunia.com/advisories/13899 http://security.gentoo.org/glsa/glsa-200501-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:009 http://www.securityfocus.com/bid/12218 •
CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 2CVE-2004-1284 – MPG123 0.59 - Find Next File Remote Client-Side Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1284
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. • https://www.exploit-db.com/exploits/24852 http://tigger.uic.edu/~jlongs2/holes/mpg123.txt http://www.novell.com/linux/security/advisories/2005_01_sr.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18626 •